Why IT leaders should consider the software defined perimeter

Post on 11-Feb-2021

  • While technology has long been considered an engine necessary to keep the business moving forward, it is now recognized as a true business driver, capable of creating new efficiencies, capabilities, and opportunities previously out of reach for most enterprises. The role of the IT leader has similarly evolved, with CISOs, CIOs, and CTOs now part of the executive suite due to a new strategic focus on technology.

    The major factors in this shift have been the explosion of enterprise public cloud adoption, including Azure and AWS, and the widespread use of employee-owned mobile devices for work. Companies are leveraging these technologies to optimize business processes and deliver products and services more quickly and at a lower overall cost. But what about the risk that they introduce?

    Because of the shift toward cloud and mobility, the traditional security perimeter that once protected users and internal services within the corporate network is to a large extent gone.

    The time has come for security to evolve, moving protections closer to the user and bringing a new emphasis on convenience, flexibility, and reliability.

    A solution for a changing IT environment

    “DMZs and Legacy VPNs were designed for the networks of the 1990s and have become obsolete because they lack the agility needed to protect the digital business.” 1 – Gartner

    1 Riley, Steve; MacDonald, Neil; and Young, Greg, “It’s Time to Isolate Your Services From the Internet Cesspool,” Gartner, September 2016.

  • To advance business initiatives and bridge the gap between business needs and IT capabilities, IT leaders must choose technology that allows them to:

    1. Solve the IT skills shortage, allowing the enterprise to make the most of talent on hand

    2. Deliver a superior user experience for employees and key company stakeholders

    3. Be adaptive and agile to empower a dynamically changing business

    4. Reduce the risks that can threaten productivity, IP, and a company’s reputation

    5. Accelerate the adoption of new, enabling technologies

    Identifying the technologies that will achieve these goals is a difficult task, as the goals can seem at odds. The decision to adopt cloud services and mobile technologies, for example, achieves the goal of a streamlined user experience, but what about the goal of minimizing the chance of a security attack? IT leaders must strike a careful balance between accelerating the adoption of new, enabling technologies and ensuring the security of sensitive data. Choosing the right technology at the right time is critical.

    Challenges that technology leaders must overcome

    “Security leaders should deploy technology that facilitates digital business access to applications while shielding them from many kinds of prevalent attacks that are common on the cesspool that is the modern internet.” 1 – Gartner

    1 Riley, Steve; MacDonald, Neil; and Young, Greg, “It’s Time to Isolate Your Services From the Internet Cesspool,” Gartner, September 2016.

  • Developed in 2007, the software defined perimeter (SDP) stemmed from the work done by the Defense Information Systems Agency (DISA). The initial goal of SDP was to deliver a network security method for providing access to mission-critical services on a zero-trust, need-to-know basis using the internet and software, not hardware technologies hosted in the data center. It turns out that the benefits of SDP are far greater than had been expected. Today, SDPs are being used not only to protect networks and critical assets from external threats, but also to enable business initiatives via the secure adoption of modern technologies, with stronger security and no change to the current environment.

    Earlier we discussed the five key factors that IT leaders must consider when adopting new technologies. Let’s take a look at how SDP plays a role in enabling each.

    1. Solves the IT skills shortage – One difficulty with innovation is that there is often a shortage of experts available to help understand and implement it. The simplicity of SDPs—all software, no hardware—makes it easy to implement without the need to hire new specialists. This simplicity allows IT leaders to adopt technology that can secure access to applications moving to cloud, even from unmanaged mobile devices, while maximizing the productivity of the IT staff.

    2. Provides a superior user experience – Users are playing an increasingly large role when it comes to choosing enterprise technology. Providing a positive user experience is one of the most important benefits of the SDP. It allows users to access applications seamlessly, regardless of whether that application is running in a cloud or data center. A cloud-like user experience has become the new standard, and SDP delivers it.

    3. Delivers agility and scale – The number of enterprise applications, users, and user devices is constantly changing, along with the needs of the business. By leveraging the internet and cloud to provide users with access to applications, SDPs offer a level of agility and scale unmatched by any legacy technology. Just think how difficult it would be to scale the number of hardware stacks across multiple data centers around the world. Now compare this to the scale of the internet. The internet wins by a long shot.

    Software defined perimeter enables business success

  • 4. Reduces risk – Security is often one of the largest barriers to cloud adoption and the allowance of personal mobile devices, as these technologies can mean increased risks to the business. SDPs provide secure, policy-based remote access to applications and check both device posture and identity prior to allowing access. Only authorized users can access an application. With SDP, IT leaders can ensure that even as applications move to third-party IaaS platforms they remain secure. Additionally, users may leverage their own device for work without having their device serve as a conduit for nefarious activity or being responsible for the spread of malware across the corporate network. After all, with SDPs users are never placed on the network to begin with.

    5. Accelerates adoption of cloud and mobility – Cloud and mobility are priorities for the majority of enterprise teams today, but it can take months or even years to implement securely and across a global user base. This is partially due to the complexity involved in using traditional network and security technology to provide access to cloud apps from unmanaged user devices. SDPs use software to reduce complexity, thereby reducing implementation time from months or years to just hours. With SDP, organizations can more quickly reap the benefits of cloud and mobility. 

    “With SDP, organizations can keep cloud resources completely dark to unauthorized users. This completely eliminates many attack vectors including brute-force attacks; network flood attacks, as well as TLS vulnerabilities such as Heartbleed and Poodle.” 2

    – The SDP Working Group, Cloud Security Alliance

    2 Software Defined Perimeter for Infrastructure as a Service, The SDP Working Group, Cloud Security Alliance, 2017.

  • The software defined perimeter is a valuable tool to enterprise IT leaders. At Zscaler we have developed an SDP service called Zscaler Private Access (ZPA™). The service uses the cloud to provide secure and seamless remote access to internal applications.

    Learn more about ZPA by visiting zscaler.com/products/zscaler-private-access or by contacting sales at [email protected]

    Learn about SDP, offered as a service from Zscaler

    ©2018 Zscaler, Inc. All rights reserved. Zscaler and ZPA are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the properties of their respective owners.